Notification of Reason(s) for Refusal

Japanese Patent Application No. 2003-535440
October 3, 2006 
Takayuki Yoshida 9077 5X00 

Applicant Mamoru Takada 

(and another attorney) 
Patent Law Section 29(2)

This application should be refused for the reason mentioned below. 
If the applicant has any argument against the reason, such argument 
should be submitted within 3 months from the dispatch date of this 
notification.

Reason 

A. The invention in the claims mentioned below of the subject 
application should not be granted a patent under Patent Law Section 
29(2) since it could have easily been made by persons who have common 
knowledge in the technical field to which the invention pertains, on 
the basis of the invention described in the publications mentioned 
below which was distributed in Japan or foreign countries prior to
the filing of the subject application or became available to the public
through an electric telecommunication line.

The cited reference 1 contains the security communication network which
configures the channel via other security devices because an error 
occurred. 

If any reason(s) for refusal is found later other than those above, 
it will be notified again. 

If there is an inquiry regarding the contents of this Notification 
of Reason(s) for Refusal or a demand for an interview, please contact 
me at the following address: 

Fourth Patent Examination Department, Data network
: Yoshida (Tel. 03-3581-1101 (ext. 3594))



Record of the result of prior art search
• Technical field(s) to be searched: H04L 12/00
• Prior art documents:
  Published Japanese translations of PCT international publication for patent applications No. 2003-521779
  Published Japanese translations of PCT international publication for patent applications No. 2002-526830
  Japanese laid-open publication No. 2000-112860

This record is not a component(s) of the reason(s) for refusal.
(54) CIPHER COMMUNICATION METHOD AND SYSTEM
(57) Abstract:

PROBLEM TO BE SOLVED: To realize a cipher
communication system that can continue cipher
communication even when a decoder is changed due to
a path change on the occurrence of a path fault during
the cipher communication.

SOLUTION: Layout information relating to the layout of
other routers L12 to L14 capable of cipher
communication is included in path forming information of
a router L11 that receives and transmits the path
information such as a routing protocol. In the case that
any router such as the router L13 on an optimum path
during the cipher communication becomes unable to
communicate, a new optimum path is formed again
and the cipher communication is continued with the other
router L14 in existence on the optimum path formed again by using a key decided mutually.
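The failover described in the abstract, as an added example that is not code from the patent or the applicant: router L11 recomputes the optimum path when L13 fails, picks the cipher-capable router on the new path from the advertised layout information, and reuses or establishes a key with it. The topology, link costs, network names `net-a`/`net-b`, and all function and class names are assumptions made for illustration; a random key stands in for a real key negotiation such as IKE, and the example refuses to send when the new path has no cipher-capable peer.

```python
import heapq
import secrets

# Constructed topology (assumption, not taken from the patent drawings):
# link costs between routers L11..L14 and the destination network "net-b".
LINKS = {
    ("L11", "L12"): 1,
    ("L12", "L13"): 1,
    ("L12", "L14"): 1,
    ("L13", "net-b"): 1,
    ("L14", "net-b"): 2,
}

# Constructed layout information carried with the path forming information:
# cipher-capable router -> network it can decrypt for. L12 is a plain router.
ADVERTS = {"L11": "net-a", "L13": "net-b", "L14": "net-b"}


def shortest_path(links, src, dst, down=frozenset()):
    """Dijkstra over undirected links, skipping routers listed in `down`."""
    graph = {}
    for (a, b), cost in links.items():
        if a in down or b in down:
            continue
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    queue, seen = [(0, src, [src])], set()
    while queue:
        cost, node, path = heapq.heappop(queue)
        if node == dst:
            return path
        if node in seen:
            continue
        seen.add(node)
        for nxt, step in graph.get(node, []):
            if nxt not in seen:
                heapq.heappush(queue, (cost + step, nxt, path + [nxt]))
    return None  # destination unreachable


def select_peer(path, adverts, dest_net):
    """First router after the sender that advertises decryption for dest_net."""
    for hop in path[1:]:
        if adverts.get(hop) == dest_net:
            return hop
    return None


class CipherRouter:
    """Sending-side router (L11 in the abstract); hypothetical helper class."""

    def __init__(self, name, links, adverts):
        self.name = name
        self.links = links
        self.adverts = dict(adverts)
        self.down = set()
        self.keys = {}          # peer name -> key held for that peer
        self.negotiations = 0   # how many times a new key had to be set up

    def _key_for(self, peer):
        # Reuse a key already held for this peer, otherwise generate one.
        # secrets.token_bytes is a stand-in for a real key exchange.
        if peer not in self.keys:
            self.keys[peer] = secrets.token_bytes(32)
            self.negotiations += 1
        return self.keys[peer]

    def router_failed(self, router):
        # Update path forming information: drop the failed router's layout
        # entry. Discarding its key too is a design choice of this example.
        self.down.add(router)
        self.adverts.pop(router, None)
        self.keys.pop(router, None)

    def tunnel_to(self, dest_net):
        path = shortest_path(self.links, self.name, dest_net,
                             frozenset(self.down))
        if path is None:
            raise RuntimeError("no path to " + dest_net)
        peer = select_peer(path, self.adverts, dest_net)
        if peer is None:
            # Fail closed: a path exists but nothing on it can decrypt, so
            # ciphertext would be undeliverable and plaintext must not be sent.
            raise RuntimeError("no cipher-capable router on path to " + dest_net)
        return path, peer, self._key_for(peer)


if __name__ == "__main__":
    l11 = CipherRouter("L11", LINKS, ADVERTS)
    print(l11.tunnel_to("net-b")[:2])   # path via L13, peer L13
    l11.router_failed("L13")
    print(l11.tunnel_to("net-b")[:2])   # path via L14, peer L14
```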
(51) Int.Cl. H04L 29/14






* NOTICES *

JPO and NCIPI are not responsible for any 
damages caused by the use of this translation. 

1. This document has been translated by computer. So the translation may not reflect the original 
precisely. 

2. **** shows the word which can not be translated. 

3. In the drawings, any words are not translated. 



CLAIMS 



(57) [Claim(s)]
[Claim 1] 

It is the cryptocommunication approach of performing communication link for Takayoshi, and 
cryptocommunication through a network realizable to coincidence. 

The optimal path on a network is formed by exchanging mutually predetermined path formation 
information including the arrangement information about arrangement of the communication link 
repeating installation in which cryptocommunication is possible among two or more communication 
link repeating installation, and suiting on said network. While performing cryptocommunication of 
commo data between the communication link repeating installation which exists in this optimal path 
When the configuration of the communication link repeating installation on said network is changed, 
said path formation information is updated and it is characterized by continuing said 
cryptocommunication using the key fixed mutually between the communication link repeating 
installation which carries out the reconstitution of the new optimal path, and consists in the optimal
path by which the reconstitution was carried out and in which cryptocommunication is possible.

The cryptocommunication approach. 

[Claim 2] 

Each communication link repeating installation records the identification information of the 
communication device or a network, when a decryption of the enciphered commo data which goes to a
certain communication device or network can be performed, and when said path formation information 
is received from other communication link repeating installation and the cryptocommunication point 
holds the same identification information as said identification information, it is characterized by settling 
on said key between communication link repeating installation besides the above. 

The cryptocommunication approach according to claim 1. 

[Claim 3] 

It is the cryptocommunication system which performs cryptocommunication of commo data between the 
communication link repeating installation which forms the optimal path on the network which can 
realize communication link for Takayoshi, and cryptocommunication to coincidence, and exists in this 
optimal path by exchanging predetermined path formation information mutually among two or more 
communication link repeating installation, and suiting. 

The path formation information on each communication link repeating installation includes the
arrangement information about arrangement of the communication link repeating installation in which 
cryptocommunication is possible on said network. 

At least one of said two or more of the communication link repeating installation It is constituted so that 
the arrangement information after the modification concerned may be notified to other communication 
link repeating installation, when it detects that the arrangement configuration of the communication link 
repeating installation on the optimal path under cryptocommunication was changed. Other one [ at
least ] While updating the path formation information on self based on said notice and carrying out the
reconstitution of the new optimal path to it, it is characterized by being constituted so that said
cryptocommunication may be continued using the key fixed mutually between the communication link
repeating installation which consists in the optimal path by which the reconstitution was carried out
and in which cryptocommunication is possible.

Cryptocommunication system. 

[Claim 4] 

While forming the optimal path on the network which can realize communication link for Takayoshi, 
and cryptocommunication to coincidence based on predetermined path formation information, it is the 
communication link repeating installation which performs cryptocommunication among other 
communication link repeating installation which exists in this optimal path. 

Said path formation information includes the arrangement information about arrangement of the 
communication link repeating installation in which cryptocommunication is possible. 

An updating means to update the contents of said arrangement information included in the path 
formation information on self when the arrangement configuration of other communication link 
repeating installation in said optimal path is changed during cryptocommunication. 

Path means forming which forms a new optimal path based on the path formation information after
updating.

It has a detection means to detect other communication link repeating installation in which the
cryptocommunication on the newly formed optimal path is possible.

It is characterized by continuing cryptocommunication using the key fixed between the detected 
communication link repeating installation concerned. 

Communication link repeating installation. 

[Claim 5]

It is the information by which said path formation information is mutually delivered and carried out
among other communication link repeating installation based on a predetermined routing protocol, and
the information about arrangement of the node which can perform cryptocommunication, and its node
are characterized by fixing said key based on said identification information including the identification
information of the communication path made into the object of cryptocommunication implementation.

Communication link repeating installation according to claim 4.

[Claim 6] 

When the key fixed between nodes with said identification information is held beforehand, the key is 
****(ed), and when the key is not held, it is characterized by securing said key by performing key
generation between the nodes concerned. 

Communication link repeating installation according to claim 5. 

[Claim 7]

It is characterized by updating said updating means so that the arrangement information about the 
communication link repeating installation used as communication link impossible may be deleted during 
cryptocommunication. 

Communication link repeating installation according to claim 4. 

[Claim 8] 

It is characterized by updating said updating means so that the arrangement information about the 
communication link repeating installation extended during cryptocommunication may be added. 
Communication link repeating installation according to claim 4. 

[Claim 9] 

It is characterized by updating said updating means so that the arrangement information about the 
communication link repeating installation moved during cryptocommunication may be corrected, 
Communication link repeating installation according to claim 4. 

[Claim 10] 

The function which forms the optimal path on the network which can realize communication
link for Takayoshi, and cryptocommunication to coincidence based on predetermined path formation
information including the arrangement information about arrangement of the communication link
repeating installation in which cryptocommunication is possible.
The function to perform cryptocommunication between communications-partner equipment,

The record medium with which the program code for forming on a computer the function which 
continues cryptocommunication using the key which fixed among other communications-partner 
equipments which exist in this new optimal path while update the contents of said arrangement 
information included in the path formation information on self and forming a new optimal path based on 
the path formation information after updating, when the configuration of said communications-partner 
equipment is changed was recorded and in which a computer readout is possible. 



[Translation done.] 
EFFECT OF THE INVENTION 



[Effect of the Invention] 

Even if it is the case where modification arises to the equipment to decrypt, i.e., a key, as a result of 
making a path change during cryptocommunication according to this invention so that clearly from the 
above explanation, there are insurance and characteristic effectiveness [ say / that it can continue now 
certainly ] about cryptocommunication.



DETAILED DESCRIPTION 



[Detailed Description of the Invention] 

[ 0001 ] 

[Field of the Invention] 

Modification of the configuration of communication link repeating installation arises during 
cryptocommunication, and even if this invention is the case where an optimal path changes, it relates to 
the cryptocommunication technique for continuing cryptocommunication safely in the network which 
the communication link for Takayoshi (it is the same the communication link which has the 
communication link in which the automatic continuation by path change is possible, i.e., failure-proof 
nature, also in the time of a failure, and the following), and cryptocommunication (it is the same the 
secret communication link using a code technique and the following) can realize to coincidence. 

[ 0002 ] 

[Description of the Prior Art] 

The gestalt of the cryptocommunication performed using IP (Internet Protocol) network is known better
than before. This kind of cryptocommunication is performed using the key (a cryptographic key / decode 
key) generated between the encryption equipment of a transmitting side, and the decryption equipment 
of a receiving side. As a gestalt of the communication link in this case, there are a gestalt which 
performs cryptocommunication by end to end, and a gestalt which performs cryptocommunication by 
arranging the communication device (following, "data encryption equipment") which performs 
encryption and a decryption of commo data, for example, a packet, on a communication path. 

[0003] 

As a procedure of generation of the key used for cryptocommunication in IP network, key exchange, and 
a key setup, various technique, such as an IKE (Internet Key Exchange: cryptographic key generation 
procedure) method, exists, for example. A transmitting side enciphers an IP packet using this generated 
key (cryptographic key), and a receiving side decrypts a packet using the key (decode key) 
corresponding to this key. 

[0004] 

By the way, when a certain failure occurs at an optimal path in the midst which is communicating using 
IP network, a communication link can be recovered, and using the backup routing function which the 
communication link repeating installation itself, such as a router, has. [ using routing protocols such as 
OSPF (Open Shortest Path First), ] That is, an alternate route can be set up automatically and a
communication link can be recovered. Hereafter, the outline of these communication link methods of 
recovery is explained. 

[0005] 

(1) When a routing protocol is used 

As shown in drawing 6, suppose that routers N11-N15 are connected to the node on IP network
between a communication device T11 and a communication device T12. The optimal path of forward
always exchanges mutually the information [ information /, i.e., express which router and
communication link are directly possible for each router, / the communication device T11 -> router N11
-> router N12 -> router N13 -> router N15 -> communication device T12 or its path formation
information / information / which is reverse and has mutually each routers N11-N15 ], and forms the
optimal path between networks.

[0006] 

In this optimal path, when a failure occurs in a router N13, the following procedures recover a
communication link.

First, the normal router N12 which carries out proximal to a router N13, for example, a router, detects
that the failure occurred in the router N13 by the function of a routing protocol. The detection approach
is determined by the routing protocol. The router N12 which detected the failure notifies information,
such as "an old path was not able to be used" or "the link having been lost", to the adjoining routers N11
and N14 by the function of a routing protocol. Such notice information is relayed also to the adjoining
router N15, and, thereby, is notified to all the routers of a routing domain (group of a router who
delivers routing information). Thus, the path formation information which each routers N11, N12, N14,
and N15 have is updated by the information notified newly, and the reconstitution of the alternate route
which becomes instead of a failure path, i.e., the path of the communication device T11 -> router N11 ->
router N12 -> router N14 -> router N15 -> communication device T12, is carried out.

[0007] 

(2) When a backup routing function is used 

With the backup routing function, when a certain router in the communication system shown in drawing 6,
for example the router N12, detects that a failure occurred on the relay path (the existence of the link
is checked by polling (a supervisory signal), keep alive (a signal for confirming that the circuit is
not down), etc.), the router N12 switches to the alternate route (backup path) set up beforehand based
on the backup routing function, and maintains the communication link.

[0008] 

[Problem(s) to be Solved by the Invention] 

Usually, even when a failure occurs in the optimal path, an alternate route can be formed, not only
during ordinary communication but also during cryptocommunication, using the above-mentioned function
of a routing protocol or the above-mentioned backup routing function. However, since the function of a
routing protocol or of switching to a backup path and the function of cryptocommunication are separate
mechanisms, with the existing structure the enciphered IP packet (encryption data) cannot be decrypted
in the case of cryptocommunication, and it may be impossible to continue cryptocommunication. This is
explained below.

[0009] 

Here, the IP network configuration shown in drawing 7 is assumed: a communication device T11 is
connected to the router N12 through data encryption equipment M21, a communication device T22 is
connected to the router N15, and data encryption equipment M22 and M23 are connected in parallel
between the router N12 and the router N15.

[ 0010 ] 

The routers N12 and N15 and the data encryption equipment M21 and M22 exchange with each other the path
formation information which each has, and form the optimal path between networks. The optimal path in
the normal state, i.e., the path when routing has converged as usual, is communication device T11 ->
data encryption equipment M21 -> router N12 -> data encryption equipment M22 -> router N15 ->
communication device T12, and data encryption equipment M21 enciphers the packet transmitted from a
communication device T22 using the key (for example, the key A) used between itself and data encryption
equipment M22.

[ 0011 ] 

Suppose that in this condition a certain failure occurred in data encryption equipment M22, a path
change was made by the function of the routing protocol, and the optimal path was automatically changed
to communication device T11 -> data encryption equipment M21 -> router N12 -> data encryption
equipment M23 -> router N15 -> communication device T12. In this case, the key (for example, the key B)
used between data encryption equipment M21 and data encryption equipment M23 differs from the key A
mentioned above. However, since there is no modification in the transmission place (communication
device T12) of the packet, data encryption equipment M21 cannot recognize from the conventional routing
protocol that the key for codes of the data transmitted from communication device T11 to communication
device T12 should be changed from Key A to Key B. Therefore, the packet is enciphered with Key A by
data encryption equipment M21, data encryption equipment M23, which uses Key B, cannot decrypt it, and
cryptocommunication is unrecoverable after all.

[ 0012 ] 

Cryptocommunication has a tunnel mode, which enciphers together the IP header including the address of
the transmission place and the data division of the packet (namely, the payload), and communicates by
attaching an IP header including the address of a new transmission place (the decryption equipment),
and a transport mode, which does not encipher the transmission place address but enciphers only the
data division of the packet. When a failure occurs in data encryption equipment M22 as mentioned above,
data encryption equipment M21 can recognize the need for modification of a key in neither of the modes.

[0013] 

Such a problem arises in common not only when a path failure occurs during cryptocommunication but also
when a router, data encryption equipment, a communication device, etc. is newly added at a part (node)
which was on the optimal path till then, or when a router or the like is moved. It originates in the
arrangement of the routers etc. having been fixed in this conventional kind of communication link for
Takayoshi, and in the key used for cryptocommunication having been fixed.

[0014]

Then, even if this invention is the case where modification arises in the arrangement configuration of the 
equipment with which the communication link for Takayoshi and cryptocommunication perform 
encryption and a decryption in a network realizable to coincidence, it makes it a main technical problem 
to offer the technique which changes the key for codes dynamically and enables it to continue 
cryptocommunication safely. 

[0015] 

[Means for Solving the Problem] 

This invention offers an improved cryptocommunication approach, a cryptocommunication system, and
communication link repeating installation for solving the above-mentioned technical problem, as well as
a record medium suitable for realizing the communication link repeating installation with a computer.

[0016] 

The cryptocommunication approach of this invention is an approach of performing communication link
for Takayoshi, and cryptocommunication through a network realizable to coincidence. The optimal path
on a network is formed by exchanging mutually predetermined path formation information including the
arrangement information about arrangement of the communication link repeating installation in which
cryptocommunication is possible among two or more communication link repeating installation, and
suiting on a network. While performing cryptocommunication of commo data between the
communication link repeating installation which exists in this optimal path It is characterized by
continuing said cryptocommunication using the key fixed mutually between the communication link
repeating installation which updates said path formation information, carries out the reconstitution of
the new optimal path when the configuration of the communication link repeating installation on said
network is changed, and consists in the optimal path by which the reconstitution was carried out and in
which cryptocommunication is possible. Each communication link repeating installation records the
identification information of the communication device or a network, when a decryption of the
enciphered commo data which goes to a certain communication device or network can be performed,
and when path formation information is received from other communication link repeating installation
and the cryptocommunication point holds the same identification information as said identification
information, it is made to settle between communication link repeating installation besides the above on
a key.

[0017]

The cryptocommunication system of this invention is a cryptocommunication system which performs
cryptocommunication of commo data between the communication link repeating installation which
forms the optimal path on the network which can realize communication link for Takayoshi, and
cryptocommunication to coincidence, and exists in this optimal path by exchanging predetermined path
formation information mutually among two or more communication link repeating installation, and
suiting. The path formation information on each communication link repeating installation is what
includes the arrangement information about arrangement of the communication link repeating
installation in which cryptocommunication is possible on said network. At least one of the two or more
communication link repeating installation is constituted so that the arrangement information after
the modification concerned may be notified to other communication link repeating installation, when it
detects that the arrangement configuration of the communication link repeating installation on the
optimal path under cryptocommunication was changed. At least one other is characterized by being
constituted so that, while updating the path formation information on self based on said notice and
carrying out the reconstitution of the new optimal path, said cryptocommunication may be continued
using the key fixed mutually between the communication link repeating installation which consists in
the optimal path by which the reconstitution was carried out and in which cryptocommunication is
possible.

[0018] 

The communication link repeating installation of this invention is communication link repeating
installation which forms the optimal path of the commo data on a network based on predetermined path
formation information and performs cryptocommunication with other communication link repeating
installation which exists in this optimal path. Said path formation information is a thing including
the arrangement information about arrangement of the communication link repeating installation in
which cryptocommunication is possible. It is equipment characterized by being equipped with a means to
update the contents of said arrangement information included in the path formation information on self
when other communication link repeating installation which serves as a communications partner during
cryptocommunication becomes communication link impossible, a means to form a new optimal path based on
the path formation information after updating, and a means to detect other communication link repeating
installation in which the cryptocommunication on the newly formed optimal path is possible, and by
continuing cryptocommunication using the key which was fixed between itself and the detected
communication link repeating installation concerned.

[0019] 

More specifically, the path formation information is the information mutually exchanged with other
communication link repeating installation based on a predetermined routing protocol, and includes the
information about arrangement of the node which can perform cryptocommunication and the identification
information of the communication path which that node makes the object of cryptocommunication
implementation; said key is fixed based on this identification information. When the key
fixed between nodes with identification information is held beforehand, the key is ****(ed), and when
the key is not held, said key is secured by performing key generation between the nodes concerned.

[ 0020 ]

The updating means in communication link repeating installation deletes the arrangement information
about communication link repeating installation which becomes communication link impossible during
cryptocommunication, adds the arrangement information about communication link repeating installation
which is extended during cryptocommunication, and corrects the arrangement information about
communication link repeating installation which is moved during cryptocommunication.

[ 0021 ] 

The record medium which this invention offers is a record medium in which a computer readout is
possible and on which is recorded the program code for forming on a computer: the function which forms,
based on predetermined path formation information including the arrangement information about
arrangement of the communication link repeating installation in which cryptocommunication is possible,
the optimal path on the network which can realize communication link for Takayoshi, and
cryptocommunication to coincidence; the function to perform cryptocommunication with
communications-partner equipment; and the function which, when the configuration of said
communications-partner equipment is changed, updates the contents of said arrangement information
included in the path formation information on self, forms a new optimal path based on the path
formation information after updating, and continues cryptocommunication using the key fixed with other
communications-partner equipment which exists in this new optimal path.

[ 0022 ] 

[Embodiment of the Invention] 

Hereafter, the operation gestalt of this invention is explained with reference to a drawing. 

When the communication link for Takayoshi and cryptocommunication are performing 
cryptocommunication between the equipment which delivers path formation information in a network 
realizable to coincidence according to a routing protocol, the information about arrangement of the 
equipment in which cryptocommunication is possible is included in the above-mentioned path formation 
information, and it is made to make path formation information and the information about modification 
of a key link in this invention. 

For example, if it is the routing protocol of the distance vector type about between what
networks the equipment in which cryptocommunication is possible is arranged to which link, and
cryptocommunication can be performed, if it is the routing protocol of a link state type, it will include
which router exists in the distance vector into path formation information. And when encryption data
are transmitted, the key corresponding to the data encryption equipment of the reception place is used,
and if there is no corresponding key, one can easily be newly generated.

In addition, use and generation of a key can use the technique generally used from the former. 

[0023] 

The above-mentioned cryptocommunication approach can be enforced by the cryptocommunication 
system constituted as shown in drawing 1 . 

This cryptocommunication system 1 includes, as network configuration components, the communication
device T11 of the transmitting side allotted on the alpha network, the communication device T12 of the
receiving side allotted on the beta network, two or more routers which intervene between these
communication devices, i.e., A router L11, D router L12, B router L13, and C router L14, and others,
and is constituted so that communication link for Takayoshi and cryptocommunication can be realized to
coincidence.

The alpha network and the beta network shall be connected through a wide area network like the
Internet.

[0024] 

Each of the routers L11-L14 is a kind of computer which has memory and a CPU, and has the function of
the routing protocol, formed by the CPU reading and executing the program code recorded on a
predetermined record medium, the function of cryptocommunication, and the function
to make these functions cooperate. Although CPUs are cover-half record media, such as semiconductor 
memory in which a readout is possible, when mounted in a router, the record medium which recorded 
this program code circulates through portability record media, such as CD-ROM, and may be installed 
in the above-mentioned cover-half record medium at the time of mounting. 

The function of the routing protocol is fundamentally the same as that of a conventional router, but it
differs from the function with which a conventional router is equipped in that the following two pieces
of information are included in the path formation information exchanged with other routers by the
routing protocol, so that the function of cryptocommunication is made to cooperate with it.

(1) Arrangement and Interface ID of the node (router) which can perform cryptocommunication

Example: "A router is in A node whose cryptocommunication is possible"

(2) The communication path ID which the node makes the object of cryptocommunication
implementation

Example: "the object (communication path ID) of the cryptocommunication in A router receives the
communication link of alpha network and gamma network"

The format of the data corresponding to such information is matched to the network protocol or the
routing protocol in use. For example, in the case of OSPF on an IP network, the information will be
included in the LSA (Link State Advertisement) mentioned later.

[0025] 

On the other hand, as for the function of cryptocommunication, each router performs
cryptocommunication as follows.

(1) For the communication link corresponding to the communication path ID for cryptocommunication
implementation, encipher commo data, for example, a packet, and generate encryption data.

Example: "A packet passing the A router whose source address belongs to gamma network and whose
destination address belongs to beta network is made the object of cryptocommunication, since the
destination address suits a communication path ID."

(2) When the key of a node with the communication path ID corresponding to the communication path is
held beforehand, it is ****(ed) and used as the key for codes. When the key is not held, a key is
secured by performing key generation with that node (router).

Example: "The router in which cryptocommunication is possible called B router exists on the path
addressed to beta network from A router, and A router knows by the routing protocol that the B router
makes beta network the object of cryptocommunication implementation. Then, the packet set
as the object of cryptocommunication is enciphered using the key corresponding to B router."

About the function to which both function is made to link, it mentions later. 

[0026] 

In addition, although it is desirable for all the routers L11-L14 to have the above functions, this
invention can also be carried out even when only the router which mainly acts, i.e., the one which
enciphers and relays the packet sent from the communication device T11, has them.

[0027] 

Next, the communication configuration by the cryptocommunication system 1 of this operation gestalt is
explained. Here, as illustrated, the network address between the communication device T11 in alpha
network and the A router L11 shall be "163.135.10.0/24", the interface address between the
communication device T12 in beta network and the B router L13 or the C router L14 shall be
"163.135.20.0/24", the interface address of the A router L11 shall be "163.135.100.10", the interface
address of the B router L13 shall be "163.135.200.20", and the network address of the C router L14
shall be "163.135.300.30". An example is given of improving the above OSPF, which is representative of
link state type routing protocols, and performing cryptocommunication. OSPF is described in detail in
the specifications RFC2328, RFC1131, and STD0054 published by the international organization IETF.

[0028] 

An example of the format of the router link LSA, i.e., the link condition advertising packet (LSA: Link
State Advertisement), which each of the routers L11-L14 transmits among the path formation information
used by OSPF, is shown in drawing 2.

This router link LSA is the various link information passed between neighbouring routers, and
consists of a link condition header and an LSA section. A router type, Link ID, link data, etc. are
described in the LSA section, and using the information described there, each router can recognize
the information about arrangement of other routers, and can use it for path computation or
recalculation. Drawing 3 shows the router type contents and examples of the Link ID and link data for
each. Types 1-4 are information which the existing router possesses, and Type 5 is the part added with
this operation gestalt, i.e., the information relevant to cryptocommunication. From this Type 5
description, it is understood which router performs cryptocommunication for where. In Type 5, when
link data are Null, it is shown that cryptocommunication can be performed with somewhere which is not
determined yet.

[0029]

An LSA can carry two or more pieces of link information held by each of the routers L11-L14. Therefore,
if one router is performing cryptocommunication with two or more routers, two or more LSAs for
cryptocommunication can also be specified. For example, in an LSA of Type 5, if Link ID is
"163.135.100.10" and link data are "163.135.20.0/24", it is shown that the router with the address
"163.135.100.10" which transmitted this LSA is in the condition which can perform cryptocommunication
with the other party at the address "163.135.20.0/24". Furthermore, if there is an LSA with the same
Link ID and link data "163.135.30.0/24", it is shown that the router "163.135.100.10" is in the
condition in which cryptocommunication is possible also with the other party at "163.135.30.0/24".

[0030] 

When such improved OSPF is used and a packet is enciphered and transmitted, each of the routers L11-L14
declares the information on the cryptocommunication point by LSA. The information on the
cryptocommunication origin is also included in this declaration. Also, when it can decrypt the packet
which goes to a certain network, each of the routers L11-L14 records the information on that network in
its own database as "a cryptocommunication charge network (or host)".

When a router receives the cryptocommunication LSA of another router and has the same
"cryptocommunication charge network" as that cryptocommunication point, this information becomes the
information required in order to perform key generation with the router which transmitted that LSA.

[0031] 

The routers each exchange the Hello packet (a thing like a keep alive signal to a neighbouring router),
and each router's own LSA is conveyed to the other party link-by-link between the routers in which this
exchange is possible. For example, when the B router L13 and the C router L14 are routers in which
encryption and a decryption are possible, that fact and the fact that they are operating normally are
conveyed to the A router L11 through the D router L12. From the LSA of the B router L13, the A router
L11 learns that the B router L13 is ready to perform cryptocommunication with its own
"cryptocommunication charge network", and carries out the process which generates the key for codes
with the B router L13. This process may be a generally used process of key generation. The A router L11
likewise carries out the process which generates a key with the C router L14.

[0032] 

Drawing 4 (a) shows the contents of the link table (origin of routing table) of the A router L11 when
routing has converged on the usual path. In the illustrated example, the A router L11 is linked with
alpha network and the D router L12, and its cryptocommunication charge networks are alpha and gamma.
The B router L13 and the C router L14 are linked with beta network and the D router L12, and the
"cryptocommunication charge network" of both is beta. The D router is linked with the A router L11, the
B router L13, and the C router L14, and either has no assignment of a "cryptocommunication charge
network" or it is somewhere which is not yet determined. In addition, the "cryptocommunication
charge network" does not necessarily need to adjoin.

[0033] 

From this link table, the A router L11 forms the optimal path from Network alpha to Network beta as
alpha network (communication device T11) -> A router L11 -> D router L12 -> B router L13 -> beta
network (communication device T12).

[0034] 

On the other hand, the A router L11 cooperates with the link table of drawing 4 (a), and sets up an
encryption filter like drawing 5 (a). That is, the "cryptocommunication charge network" of the A router
L11 is the alpha network, and the router which makes beta a "cryptocommunication charge network" on
the path is the B router L13. Then, the A router L11 generates Key a with the B router L13 (it is
****(ed) when Key a is already held). The semantics of this link table is "a packet (alpha->beta) whose
sending agency address (network) is alpha and whose transmission place address (network) is beta is
enciphered with Key a and transmitted to the B router L13 (set peer (B))." Thereby, the
cryptocommunication using Key a becomes possible.

[0035]

Here, the case where a failure occurs in the B router L13 is considered. 

In this case, since the LSA which the B router L13 emits does not reach the D router L12 and the A
router L11, the A router L11 treats the B router L13 as unusable and recovers a path using the function
of the routing protocol. Drawing 4 (b) shows the contents of the link table (origin of routing table)
of the A router L11 after the update, when routing has converged on the recovery path. As illustrated,
the link information of the B router L13 is lost. From this link table the optimal path is changed to
alpha network (communication device T11) -> A router L11 -> D router L12 -> C router L14 -> beta
network (communication device T12), and with this operation gestalt the Key a which the A router L11
uses is, in cooperation with the path modification, changed into Key c dynamically.

[0036] 

That is, when the link table of drawing 4 (b) is updated, the A router L11 cooperates with this and
updates the contents of the encryption filter like drawing 5 (b). That is, since it turns out that the
router which makes beta a "cryptocommunication charge network" on the path is the C router L14,
the A router L11 generates Key c with the C router L14 (it is ****(ed) when Key c is already held).
The semantics of this link table is "a packet (alpha->beta) whose sending agency address (network) is
alpha and whose transmission place address (network) is beta is enciphered with Key c and
transmitted to the C router L14 (set peer (B))."

[0037] 

Thus, since the setup of an encryption filter like drawing 5 (b) is obtained from the link table
updated by the routing protocol, and modification of the key accompanying path modification is made,
cryptocommunication can be continued even if a failure occurs in the B router L13 and path
modification is made.
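
The cooperation between the link table and the encryption filter described in paragraphs [0032]-[0037], as an added Python sketch that is not code from the patent. The link costs, the Router class, and the use of random bytes in place of a real key generation procedure such as IKE are assumptions made for illustration.

```python
import heapq
import secrets

# Constructed topology after drawing 1: A-D, D-B, D-C. The costs are an
# assumption, chosen so that B is preferred while it is up.
LINKS = {("A", "D"): 1, ("D", "B"): 1, ("D", "C"): 2}
# Constructed Type 5 style entries: router -> networks it can decrypt for
# (its "cryptocommunication charge networks").
CRYPTO_LSAS = {"A": {"alpha", "gamma"}, "B": {"beta"}, "C": {"beta"}}


class Router:
    def __init__(self, name, links, crypto_lsas):
        self.name = name
        self.links = dict(links)                       # link table
        self.crypto = {r: set(n) for r, n in crypto_lsas.items()}
        self.keys = {}                                 # peer -> shared key
        self.filter = {}                               # (src, dst) -> (peer, key)

    def _neighbours(self, node):
        for (u, v), cost in self.links.items():
            if u == node:
                yield v, cost
            elif v == node:
                yield u, cost

    def path_to_crypto_peer(self, dst_net):
        """Dijkstra over the link table; stop at the nearest router whose
        advertisement names dst_net. Returns (peer, path) or (None, [])."""
        heap, seen = [(0, self.name, [self.name])], set()
        while heap:
            cost, node, path = heapq.heappop(heap)
            if node in seen:
                continue
            seen.add(node)
            if node != self.name and dst_net in self.crypto.get(node, ()):
                return node, path
            for nxt, c in self._neighbours(node):
                if nxt not in seen:
                    heapq.heappush(heap, (cost + c, nxt, path + [nxt]))
        return None, []

    def key_for(self, peer):
        """Reuse a held key, otherwise generate one. token_bytes stands in
        for a real key exchange such as IKE (assumption)."""
        if peer not in self.keys:
            self.keys[peer] = secrets.token_bytes(16)
        return self.keys[peer]

    def rebuild_filter(self, src_net, dst_net):
        """Derive the encryption filter entry from the current link table."""
        peer, path = self.path_to_crypto_peer(dst_net)
        if peer is None:
            self.filter.pop((src_net, dst_net), None)  # fail closed: no entry
            return None, []
        self.filter[(src_net, dst_net)] = (peer, self.key_for(peer))
        return peer, path

    def lsa_lost(self, router):
        """A router's LSAs stopped arriving: drop its links and crypto entry."""
        self.links = {link: c for link, c in self.links.items()
                      if router not in link}
        self.crypto.pop(router, None)


def peer_on_path(filter_entry, path):
    """True when the router holding the matching key is on the current path."""
    return filter_entry[0] in path


def demo():
    a = Router("A", LINKS, CRYPTO_LSAS)
    peer1, path1 = a.rebuild_filter("alpha", "beta")
    stale = a.filter[("alpha", "beta")]      # what a fixed-key device keeps
    a.lsa_lost("B")
    _, new_path = a.path_to_crypto_peer("beta")
    stale_ok = peer_on_path(stale, new_path)  # Key a traffic now arrives at C
    peer2, path2 = a.rebuild_filter("alpha", "beta")
    fresh_ok = peer_on_path(a.filter[("alpha", "beta")], path2)
    return peer1, path1, peer2, path2, stale_ok, fresh_ok


if __name__ == "__main__":
    print(demo())
```

The stale entry reproduces the conventional failure of paragraph [0011]: the path changes but the filter still names the old peer and key. When no router advertising the destination network remains reachable, the sketch removes the filter entry rather than leaving a key that no peer on the path holds.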

[0038] 

JPO and NCIPI are not responsible for any
damages caused by the use of this translation.

1. This document has been translated by computer. So the translation may not reflect the original 
precisely. 

2. **** shows the word which can not be translated. 

3. In the drawings, any words are not translated. 



TECHNICAL PROBLEM 



[Problem(s) to be Solved by the Invention] 

Usually, even when a failure occurs in the optimal path, an alternate route can be formed, not only
during ordinary communication but also during cryptocommunication, using the above-mentioned function
of a routing protocol or the above-mentioned backup routing function. However, since the function of a
routing protocol or of switching to a backup path and the function of cryptocommunication are separate
mechanisms, with the existing structure the enciphered IP packet (encryption data) cannot be decrypted
in the case of cryptocommunication, and it may be impossible to continue cryptocommunication. This is
explained below.

[0009] 

Here, the IP network configuration shown in drawing 7 is assumed: a communication device T11 is
connected to the router N12 through data encryption equipment M21, a communication device T22 is
connected to the router N15, and data encryption equipment M22 and M23 are connected in parallel
between the router N12 and the router N15.

[ 0010 ] 

The routers N12 and N15 and the data encryption equipment M21 and M22 exchange with each other the path
formation information which each has, and form the optimal path between networks. The optimal path in
the normal state, i.e., the path when routing has converged as usual, is communication device T11 ->
data encryption equipment M21 -> router N12 -> data encryption equipment M22 -> router N15 ->
communication device T12, and data encryption equipment M21 enciphers the packet transmitted from a
communication device T22 using the key (for example, the key A) used between itself and data encryption
equipment M22.

[ 0011 ] 

Suppose that in this condition a certain failure occurred in data encryption equipment M22, a path
change was made by the function of the routing protocol, and the optimal path was automatically changed
to communication device T11 -> data encryption equipment M21 -> router N12 -> data encryption
equipment M23 -> router N15 -> communication device T12. In this case, the key (for example, the key B)
used between data encryption equipment M21 and data encryption equipment M23 differs from the key A
mentioned above. However, since there is no modification in the transmission place (communication
device T12) of the packet, data encryption equipment M21 cannot recognize from the conventional routing
protocol that the key for codes of the data transmitted from communication device T11 to communication
device T12 should be changed from Key A to Key B. Therefore, the packet is enciphered with Key A by
data encryption equipment M21, data encryption equipment M23, which uses Key B, cannot decrypt it, and
cryptocommunication is unrecoverable after all.

[ 0012 ] 

Cryptocommunication has a tunnel mode, which enciphers together the IP header including the address of
the transmission place and the data division of the packet (namely, the payload), and communicates by
attaching an IP header including the address of a new transmission place (the decryption equipment),
and a transport mode, which does not encipher the transmission place address but enciphers only the
data division of the packet. When a failure occurs in data encryption equipment M22 as mentioned above,
data encryption equipment M21 can recognize the need for modification of a key in neither of the modes.

[0013] 

Such a problem arises in common not only when a path failure occurs during cryptocommunication but also
when a router, data encryption equipment, a communication device, etc. is newly added at a part (node)
which was on the optimal path till then, or when a router or the like is moved. It originates in the
arrangement of the routers etc. having been fixed in this conventional kind of communication link for
Takayoshi, and in the key used for cryptocommunication having been fixed.

[0014] 

Then, even if this invention is the case where modification arises in the arrangement configuration of the
equipment with which the communication link for Takayoshi and cryptocommunication perform
encryption and a decryption in a network realizable to coincidence, it makes it a main technical problem
to offer the technique which changes the key for codes dynamically and enables it to continue
cryptocommunication safely.

[0015] 



MEANS



[Means for Solving the Problem] 

The record medium which becomes suitable when a computer realizes the cryptocommunication 
approach by which this invention was improved in the above-mentioned technical problem for the 
solution reason, a cryptocommunication system, communication link repeating installation, and 
communication link repeating installation is offered. 

[0016] 

The cryptocommunication approach of this invention is an approach of performing communication link
for Takayoshi, and cryptocommunication through a network realizable to coincidence. The optimal path
on a network is formed by exchanging mutually predetermined path formation information including the
arrangement information about arrangement of the communication link repeating installation in which
cryptocommunication is possible among two or more communication link repeating installation, and
suiting on a network. While performing cryptocommunication of commo data between the
communication link repeating installation which exists in this optimal path It is characterized by
continuing said cryptocommunication using the key fixed mutually between the communication link
repeating installation which updates said path formation information, carries out the reconstitution of
the new optimal path when the configuration of the communication link repeating installation on said
network is changed, and consists in the optimal path by which the reconstitution was carried out and in
which cryptocommunication is possible. Each communication link repeating installation records the
identification information of the communication device or a network, when a decryption of the
enciphered commo data which goes to a certain communication device or network can be performed,
and when path formation information is received from other communication link repeating installation
and the cryptocommunication point holds the same identification information as said identification
information, it is made to settle between communication link repeating installation besides the above on
a key.

[0017] 

The cryptocommunication system of this invention is a cryptocommunication system which performs
cryptocommunication of commo data between the communication link repeating installation which
forms the optimal path on the network which can realize communication link for Takayoshi, and
cryptocommunication to coincidence, and exists in this optimal path by exchanging predetermined path
formation information mutually among two or more communication link repeating installation, and
suiting. The path formation information on each communication link repeating installation is what
includes the arrangement information about arrangement of the communication link repeating
installation in which cryptocommunication is possible on said network. At least one of two or more of
the communication link repeating installation It is constituted so that the arrangement information after
the modification concerned may be notified to other communication link repeating installation, when it
detects that the arrangement configuration of the communication link repeating installation on the
optimal path under cryptocommunication was changed. Other one [ at least ] While updating the path
formation information on self based on said notice and carrying out the reconstitution of the new
optimal path to it, it is characterized by being constituted so that said cryptocommunication may be
continued using the key fixed mutually between the communication link repeating installation which
consists in the optimal path by which the reconstitution was carried out and in which
cryptocommunication is possible.

[0018] 

In the communication link repeating installation which performs cryptocommunication among other
communication link repeating installation which exists in this optimal path while the communication
link repeating installation of this invention forms the optimal path of the commo data on a network
based on predetermined path formation information Said path formation information is a thing including
the arrangement information about arrangement of the communication link repeating installation in
which cryptocommunication is possible. A means to update the contents of said arrangement
information included in the path formation information on self when other communication link repeating
installation which serves as a communications partner during cryptocommunication becomes
communication link impossible, It is equipment characterized by continuing cryptocommunication using
the key which was equipped with a means to form a new optimal path based on the path formation
information after updating, and a means to detect other communication link repeating installation in
which the cryptocommunication on the newly formed optimal path is possible, and was fixed between
the detected communication link repeating installation concerned.

[0019] 

It is the information more specifically mutually delivered and carried out among other communication
link repeating installation based on a predetermined routing protocol, and, as for path formation
information, the information about arrangement of the node which can perform cryptocommunication,
and its node fix said key based on this identification information including the identification information
of the communication path made into the object of cryptocommunication implementation. When the key
fixed between nodes with identification information is held beforehand, the key is ****(ed), and when
the key is not held, said key is secured by performing key generation between the nodes concerned.

[0020]

The updating means in communication link repeating installation deletes the arrangement information
about it, when the communication link repeating installation used as communication link impossible is
during cryptocommunication, when there is communication link repeating installation extended during
cryptocommunication, it adds the arrangement information about it, and when there is communication
link repeating installation moved during cryptocommunication, it corrects the arrangement information
about it.

[0021]

The record medium which this invention offers based on predetermined path formation information
including the arrangement information about arrangement of the communication link repeating
installation in which cryptocommunication is possible The function which forms the optimal path on the
network which can realize communication link for Takayoshi, and cryptocommunication to coincidence.
When the function to perform cryptocommunication between communications-partner equipment, and
the configuration of said communications-partner equipment are changed, while updating the contents of
said arrangement information included in the path formation information on self and forming a new
optimal path based on the path formation information after updating It is the record medium with which
the program code for forming on a computer the function which continues cryptocommunication using
the key fixed among other communications-partner equipments which exist in this new optimal path was
recorded and in which a computer readout is possible.

[0022]

[Embodiment of the Invention] 

Hereafter, the operation gestalt of this invention is explained with reference to a drawing. 

When the communication link for Takayoshi and cryptocommunication are performing
cryptocommunication between the equipment which delivers path formation information in a network
realizable to coincidence according to a routing protocol, the information about arrangement of the
equipment in which cryptocommunication is possible is included in the above-mentioned path formation
information, and it is made to make path formation information and the information about modification
of a key link in this invention.

For example, if it is the routing protocol of the distance vector type about between what
networks the equipment in which cryptocommunication is possible is arranged to which link, and
cryptocommunication can be performed, if it is the routing protocol of a link state type, it will include
which router exists in the distance vector into path formation information. And in case encryption data
are transmitted, it enables it to perform easily newly generating, if there is no corresponding key using
the key corresponding to the data encryption equipment of a reception place.

In addition, use and generation of a key can use the technique generally used from the former.

[0023] 

The above-mentioned cryptocommunication approach can be enforced by the cryptocommunication 
system constituted as shown in drawing 1 . 

Including the network configuration components of two or more routers L11 which intervene between
communication device [ of the transmitting side allotted on alpha network ] T11, communication device
[ of the receiving side allotted on beta network ] T12, and these communication devices, i.e., A router, D
router L12, B router L13, and C router L14, and others, this cryptocommunication system 1 is
constituted so that communication link for Takayoshi and cryptocommunication can be realized to
coincidence.

It shall connect through a wide area network [ like the Internet ] whose alpha network and beta network 
are. 

[0024] 

Each routers L11-L14 are a kind of computers which have memory and CPU, and have the function of
the routing protocol formed by reading the program code with which the CPU was recorded on the
predetermined record medium, and performing, the function of cryptocommunication, and the function
to make these functions cooperate. Although CPUs are cover-half record media, such as semiconductor
memory in which a readout is possible, when mounted in a router, the record medium which recorded
this program code circulates through portability record media, such as CD-ROM, and may be installed
in the above-mentioned cover-half record medium at the time of mounting.

About the function of a routing protocol, although it is fundamentally [ as the thing of the conventional
router ] the same, it differs from the function with which the router conventional at the point of having
made it make the functions of cryptocommunication including the following two information
cooperating to the path formation information exchanged for other routers by the routing protocol is
equipped.

(1) Arrangement and Interface ID of the node (router) which can perform cryptocommunication 
Example: "A router is in A node whose cryptocommunication is possible" 

(2) The communication path ID which the node makes the object of cryptocommunication 
implementation 

Example: "the object (communication path ID) of the cryptocommunication in A router receives the 
communication link of alpha network and gamma network" 

The format of the data corresponding to such information becomes what was doubled with the adapted
network protocol or the routing protocol. For example, in the case of OSPF of IP network, the
information will be included in LSA (Link State Advertisement) mentioned later.

[0025] 

On the other hand, about the function of cryptocommunication, as each router is the following, it 
performs cryptocommunication. 

(1) To the communication link corresponding to the communication path ID for cryptocommunication
implementation, encipher commo data, for example, a packet, and generate encryption data.

Example: As for the packet to which the source address of the packet which passes A router belongs to
gamma network, and the destination address belongs to beta network, it is ****(ed) and used for the key
for the codes "which it lets be the objects of cryptocommunication since the destination address suits a
communication path ID (2)" when the thing of a node with the communication path ID corresponding to
a communication path is held beforehand. When the key is not held, it is performing key generation
between the node (router), and a key is secured.

Example: "the router in which cryptocommunication called B router is possible existed on the path 
addressed to beta network from A router, and A router knows by the routing protocol that the B router is 
considering as the object of cryptocommunication implementation to beta network. Then, the packet set 
as the object of cryptocommunication is enciphered using the key corresponding to B router." 

About the function to which both function is made to link, it mentions later. 

[0026] 

In addition, although it is desirable for all the routers L11-L14 to have as for the above function, the
operation which has enciphered the packet sent from the communication device T11, and is relayed and
which is this invention even if it is the case where only the router which acts mainly has, either is
possible.

[0027] 

Next, the communication configuration by the cryptocommunication system 1 of this operation gestalt is
explained. Here, the communication device T11 in alpha network and the network address between the
A routers L11 like illustration "163.135.10.0/24", The interface address between the communication
device T12 in beta network, the B router L13, or the C router L14 "163.135.20.0/24", The interface
address of the A router L11 "163.135.100.10", The interface address of the B router L13
"163.135.200.20", The example in the case of improving the above OSPF which the network address of
the C router L14 shall be "163.135.300.30", and is the representation of a link state type routing
protocol, and performing cryptocommunication is given. OSPF is indicated by the specifications
RFC2328, RFC1131, and STD0054 published in the international organization IETF at the detail.

[0028] 

The example of a format of the router link LSA which each routers L11-L14 transmit among the path
formation information used by OSPF, i.e., a link condition advertising packet, (LSA: Link State
Advertisement) is shown in drawing 2.

This router link LSA is various link informations received and passed between proximal routers, and
consists of a link condition header and a LSA section. Using the information which a router type, Link
ID, link data, etc. are described by the LSA section, and is described by this, each router can recognize
the information about arrangement of other routers, and can use now for path computation or a
re-calculation. Drawing 3 shows the router type contents and the example of the Link ID and link data to it.
Types 1-4 are information which the existing router possesses, and Type 5 is the part added with this
operation gestalt, i.e., the information relevant to cryptocommunication. By this type 5 of description,
which router understands where cryptocommunication is performed. In Type 5, when link data are Null,
it is shown that somewhere which is not determined yet and cryptocommunication can be performed.

[0029]

LSA can send two or more link informations which it can have with each routers L11-L14. Therefore, if
one router is performing cryptocommunication among two or more routers, two or more LSA(s) for
cryptocommunication can also be specified. For example, it is shown that the router which has as the
address "163.135.100.10" which transmitted this LSA by LSA of Type 5 if Link ID is "163.135.100.10"
and link data are "163.135.20.0/24" is in the condition which can perform a phase hand with the address
of "163.135.20.0/24" and cryptocommunication. Furthermore, it is the same to Link ID, and if there is
LSA of link data "163.135.30.0/24", it is shown that a router "163.135.100.10" is in the condition whose
cryptocommunication is possible also with "163.135.30.0/24" of phase hands.

[0030] 

Such amelioration OSPF is used, and when enciphering a packet and transmitting, each routers L11-L14
will declare the information on the cryptocommunication point by LSA. The information on
cryptocommunication origin is also included in this declaration. Each routers L11-L14 record the
information on the network on the own database of a router as "a cryptocommunication charge network
(or host)", when a decryption of the packet which goes to a certain network can be performed again.
This information turns into information required in order to perform key generation between that LSA
transmitting former routers, when each router receives the cryptocommunication LSA of other routers
and it has the same "cryptocommunication charge network" as that cryptocommunication point.

[0031] 

Routers are delivering the Hello packet (a thing like a keep alive signal to a contiguity router),
respectively, and self LSA gets across to the other party by the link-by-link between the routers in
which this delivery is possible, respectively. For example, when the B router L13 and the C router L14
are routers in which encryption and a decryption are possible, that that and it are operating normally gets
across to the A router L11 through the D router L12. The A router L11 gets to know that it is ready for
the router L13 to perform self "cryptocommunication charge network" and cryptocommunication by
LSA of the B router L13, and carries out the process which generates the key for codes between the B
routers L13. This process may be a process of key generation of generally being used. The A router L11
carries out the process which generates a key also between the C routers L14 again.

[0032] 

Drawing 4 (a) is drawing having shown the contents of the link table (former information on routing
table) of the A router L11 when usually converging in a path. In the example of illustration, the A router
L11 is linked with alpha network and the D router L12, and cryptocommunication charge networks are
alpha and gamma. The B router L13 and the C router L14 are linked with beta network and the D router
L12, and both "cryptocommunication charge networks" is beta. Or it links D router with the A router
L11, the B router L13, and the C router L14 and it does not have assignment of a "cryptocommunication
charge network", it is somewhere which is not yet determined. In addition, the "cryptocommunication
charge network" does not necessarily need to adjoin.

[0033] 

This link table to the A router L11 forms the optimal path to Network beta from Network alpha like an
alpha network (communication device T11) -> A router L11 -> D router L12 -> B router L13 -> beta
network (communication device T12).

[0034] 

On the other hand, the A router L11 cooperates with the link table of drawing 4 (a), and sets up an
encryption filter like drawing 5 (a). That is, the "cryptocommunication charge network" of the A router
L11 is an alpha network, and the router which makes beta a "cryptocommunication charge network" on
a path is the B router L13. Then, the A router L11 generates Key a between the B routers L13 (it is
****(ed) when Key a is already held). The semantics of this link table is "the sending agency address's
(network's) being alpha, and the transmission place address's (network's) enciphering the packet
(alpha->beta) of beta with Key a, and transmitting to the B router L13 (set peer (B))." Thereby, the
cryptocommunication using Key a becomes possible.

[0035] 

Here, the case where a failure occurs in the B router L13 is considered. 

In this case, since LSA which the B router L13 emits does not reach the D router L12 and the A router
L11, the A router L11 recovers a path as what cannot use the B router L13 using the function of a
routing protocol. Drawing 4 (b) is drawing having shown the contents after renewal of the link table
(origin of routing table) of the A router L11 when converging in a recovery path. Like illustration, the
link information of the B router L13 is lost. Although an optimal path is changed from this link table
like an alpha network (communication device T11) -> A router L11 -> D router L12 -> C router L14 ->
beta network (communication device T12), the key a which cooperates with path modification and the
A router L11 uses further is made to change into Key c dynamically with this operation gestalt.

[0036] 

That is, if the link table of drawing 4 (b) is updated, the A router L11 will cooperate to this, and will
update the contents of the encryption filter like drawing 5 (b). That is, since, as for the router which
makes beta a "cryptocommunication charge network" on a path, it turns out that it is the C router L14,
the A router L11 generates Key c between the C routers L14 (it is ****(ed) when Key c is already held).
The semantics of this link table is "the sending agency address's (network's) being alpha, and the
transmission place address's (network's) enciphering the packet (alpha->beta) of beta with Key c, and
transmitting to the C router L14 (set peer (B))."

[0037]

Thus, since a setup of an encryption filter like drawing 5 (b) is obtained from the link table by the
routing protocol after updating and modification of the key accompanying path modification is made
even if a failure occurs in the B router L13 and path modification is made, cryptocommunication can be
continued.
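
The coupling of link table and encryption filter described in [0032] to [0037], as an added example that is not part of the patent text. The link costs, the class and function names, and the rule of choosing the crypto-capable router nearest the destination are assumptions; random bytes stand in for the key generation the page leaves to generally used methods.

```python
import copy
import heapq
import secrets

# Constructed link table modelled on drawing 4 (a). "links" maps neighbour to
# cost (costs are assumed; the page gives none). "crypto_nets" stands for the
# Type 5 information: the networks a router encrypts/decrypts for.
LINK_TABLE = {
    "A": {"links": {"alpha": 1, "D": 1}, "crypto_nets": {"alpha", "gamma"}},
    "B": {"links": {"beta": 1, "D": 1}, "crypto_nets": {"beta"}},
    "C": {"links": {"beta": 1, "D": 2}, "crypto_nets": {"beta"}},
    "D": {"links": {"A": 1, "B": 1, "C": 2}, "crypto_nets": set()},
}


def shortest_path(table, src, dst_net):
    """Dijkstra from router src to network dst_net; None if unreachable."""
    heap, done = [(0, [src])], set()
    while heap:
        cost, path = heapq.heappop(heap)
        node = path[-1]
        if node == dst_net:
            return path
        if node in done or node not in table:
            continue  # settled, a leaf network, or a router whose LSAs stopped
        done.add(node)
        for nbr, link_cost in table[node]["links"].items():
            if nbr not in done:
                heapq.heappush(heap, (cost + link_cost, path + [nbr]))
    return None


class CryptoRouter:
    """Hypothetical model of a router that couples routing and key selection."""

    def __init__(self, name, table):
        self.name = name
        self.table = copy.deepcopy(table)
        self.keys = {}      # peer router -> key held with that peer
        self.flows = set()  # (src_net, dst_net) pairs this router protects
        self.filter = {}    # (src_net, dst_net) -> (peer, key)

    def key_for(self, peer):
        # Reuse a held key; otherwise generate one (stand-in for key exchange).
        if peer not in self.keys:
            self.keys[peer] = secrets.token_bytes(16)
        return self.keys[peer]

    def set_flow(self, src_net, dst_net):
        """(Re)compute the filter entry for one flow; returns the peer or None."""
        self.flows.add((src_net, dst_net))
        self.filter.pop((src_net, dst_net), None)
        if src_net not in self.table[self.name]["crypto_nets"]:
            return None  # this router is not in charge of the source network
        path = shortest_path(self.table, self.name, dst_net)
        if path is None:
            return None
        # Assumption: the peer is the router nearest the destination on the
        # path that advertises dst_net as a network it can decrypt for.
        for hop in reversed(path[1:-1]):
            if dst_net in self.table[hop]["crypto_nets"]:
                self.filter[(src_net, dst_net)] = (hop, self.key_for(hop))
                return hop
        return None  # no crypto-capable peer on the path: no filter entry

    def on_router_lost(self, router):
        """LSAs from `router` stopped: drop its links, rebuild every flow."""
        self.table.pop(router, None)
        for src_net, dst_net in list(self.flows):
            self.set_flow(src_net, dst_net)


def demo():
    a = CryptoRouter("A", LINK_TABLE)
    before = a.set_flow("alpha", "beta")         # path via D and B, "Key a"
    key_a = a.filter[("alpha", "beta")][1]
    a.on_router_lost("B")                        # failure of the B router
    after, key_c = a.filter[("alpha", "beta")]   # path via D and C, "Key c"
    return before, after, key_a != key_c


if __name__ == "__main__":
    print(demo())
```

If both B and C are lost, the flow keeps no filter entry; whether such traffic is dropped or forwarded is a policy decision the page does not address.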

[0038] 

In addition, although it assumed that modification arose in the arrangement configuration of the router in
which cryptocommunication is possible, and the path failure by failure of a router etc. arose as an
example in case the key used by this is changed with this operation gestalt This invention can be
similarly applied, not only an example such but when the key to be used is changed, as a result of
extending a router for example, on a network or moving a router to other networks from a certain
network. That is, it is possible to continue cryptocommunication by delivering path formation
information mutually using the function of a routing protocol, updating the arrangement information
with each router, and forming an optimal path automatically, without setting up cryptocommunication
by hand control. Moreover, the router concerned becomes possible [ also finding out the phase hand
equipment which performs cryptocommunication automatically ] only by specifying the target network
thru/or target host who performs cryptocommunication as the path formation information on a router.
These functions are functions adapted to the actual communication configuration that the number of the
routers connected on a certain network fluctuates continuously, and correspondence becomes possible
easily by this also at the spread of mobile mold communication links.

[0039] 

Although the router was mentioned as the example and this operation gestalt explained it as
communication link repeating installation, the structure of this invention can be applied to the equipment
at large which is in case the phase hand of cryptocommunication changes. Moreover, although it is a
desirable gestalt to prepare the function to deliver path formation information to other equipments and
mutual like this operation gestalt, and the function to make the key for codes change dynamically, in one
equipment (for example, router), it is not having to make it such [ always ] a gestalt. For example, it
does not become trouble to constitute so that the communication device connected to the router may
have the function to change the key for codes dynamically based on the notice from a router, when
enforcing the cryptocommunication approach of this invention.

[0040] 

Although this operation gestalt explained the example which made IP network communication media, if
this invention is the network which can realize communication link for Takayoshi, and
cryptocommunication to coincidence, since it is applicable irrespective of the scale -- ANSE — use with
the intranet and extranet which are a cute network is also possible.

[0041] 

Since the mutual delivery function of path formation information like a routing protocol becomes
application of this invention with a premise. Although it will use within the closed network which does
not use the ISP when using other original routing protocols or using ISP (Internet Service Provider)
which cannot perform interconnect of a routing protocol Even if it is the case where the ISP is used, use
in the network beyond a closed network is also possible by relaying path formation information by the
approach by service of ISP with a well-known tunneling technique.

[0042] 

It can respond also to a network configuration change which are effective especially when it is changed 
frequently logically, and is called a mobile network physically [ this invention / the 
cryptocommunication point ] flexibly. 

[0043] 

Application in the cryptocommunication commercial scene for consumer (one gestalt of use of the
network service for an individual) is also possible for this invention again. The mainstream of the
cryptocommunication technique for current and an individual is SSL (Secure Socket Layer). This aims
at performing cryptocommunication of end to end by enciphering by the communicative upper layer,
and the terminal (communication device) itself which an individual operates enciphering commo data,
and transmitting. It can become an effective means to make this invention apply to the network which
the terminal (a mobile mold terminal is included) which this individual operates accesses, when
promoting the above-mentioned network service.

[0044] 



* NOTICES *

JPO and NCIPI are not responsible for any
damages caused by the use of this translation.

1. This document has been translated by computer. So the translation may not reflect the original
precisely.

2. **** shows the word which can not be translated.

3. In the drawings, any words are not translated.



DESCRIPTION OF DRAWINGS 



[Brief Description of the Drawings] 

[Drawing 1] The cryptocommunication structure-of-a-system Fig. which applied this invention. 

[Drawing 2] Drawing having shown the example of a format of the router link LSA.

[Drawing 3] Drawing having shown the type class of router link LSA.

[Drawing 4] For (a), (b) is the contents explanatory view of the link table used when forming the
optimal path at the time of using a routing protocol, and the contents explanatory view of the link table
updated at the time of failure generating.

[Drawing 5] For (a), (b) is drawing having shown the contents of a setting of the encryption filter at the
time of normal actuation, and drawing having shown the contents of a setting of the encryption filter
updated at the time of failure generating.

[Drawing 6] The network configuration Fig. for using for the explanation of the optimal-path restoration
at the time of using a routing protocol in the former.

[Drawing 7] It is a network configuration Fig. for using for explanation of the optimal-path restoration at
the time of using the routing protocol and cryptocommunication in the former.

[Description of Notations]

1 Cryptocommunication System
T11, T12 Communication device
L11-L14, N11-N15 Router
M21-M23 Data encryption equipment


